Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, avideo library part of the Ogg project, several flaws allow allowcontext-dependent attackers via a large and specially crafted mediafile, to cause a denial of service (crash of the player using thislibrary), and possibly arbitrary code execution.

For the stable distribution (lenny), this problem has been fixed inversion 1.0~beta3-1+lenny1.

For the testing distribution (squeeze), this problem has been fixed inversion 1.1.0-1.

For the testing distribution (sid), this problem has been fixed inversion 1.1.0-1.